Netizen Cybersecurity Bulletin 12 December 2018
In This Issue:
In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.
- Kubernetes Vulnerability
- phpMyAdmin Critical Software Update
- Phish Tale of the Week
- How can Netizen help?
Kubernetes, a Linux container orchestrator, has revealed a flaw in their code that allows privilege escalation for both authorized & unauthorized users. What started out as a bug report on Github quickly turned into a realization by the developers of the implications of said bug.
Something that increases the severity of this vulnerability is the scope of it. It has existed in every version of Kubernetes since v1.0. Fortunately, the Kubernetes team has released patches for the vulnerability. The next question is how quickly will enterprise users patch their own installations.
If your organization uses Kubernetes, make sure to update to any deployed instances to versions 1.10.11, 1.11.5, 1.12.3 and 1.13.0-rc1. If your organization is unable to update, mitigation steps have been published here: https://github.com/kubernetes/kubernetes/issues/71411
phpMyAdmin Critical Software Update
One of the most popular MySQL database management systems has issued a new patch, updating to version 4.8.4 solving numerous important vulnerabilities. phpMyAdmin is an open-source (free) administration tool offering a graphical user interface via a browser for MySQL; which in turn is an open-source relational database management system. phpMyAdmin is so popular that many web hosting services preinstall the software within their control panels to assist admins in managing their databases for websites, of which big sites like WordPress are included. While there were some smaller bugs there are three main critical vulnerabilities patched:
- Local file inclusion (CVE-2018-19968) — phpMyAdmin versions from at least 4.0 through 4.8.3 includes a local file inclusion flaw that could allow a remote attacker to read sensitive contents from local files on the server through its transformation feature.
- Cross-Site Request Forgery (CSRF)/XSRF (CVE-2018-19969) — phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 includes a CSRF/XSRF flaw, which if exploited, could allow attackers to “perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes” just by convincing victims into opening specially crafted links.
- Cross-site scripting (XSS) (CVE-2018-19970) — The software also includes a cross-site scripting vulnerability in its navigation tree, which impacts versions from at least 4.0 through 4.8.3, using which an attacker can inject malicious code into the dashboard through a specially-crafted database/table name.
The most obvious recommendation we can make is that if you are using phpMyAdmin, you need to update it to the most current version (4.8.4). While the solution is simple, it serves as an important reminder to keep systems patched and updated regularly. If a patch is forgotten or brushed aside and not deemed dire enough to deal with then you could be leaving your organization open to attack; it may take 3 months or 3 years, but it only takes one breach to cost the company dearly—both in finances and reputation.
Phish Tale of the Week
Netizen captures many phishes each month, which we feature here. This week one of our users was being spammed by an agent claiming to be from the Department of Veteran Affairs. This email was sent to the user numerous times.The email was unsolicited, claiming that a payment was received that was never even made; it was vague,and an untitled document was attached as well.
A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.
- Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
- Verify that the sender is actually from the company sending the message.
- Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
- Do not give out personal or company information.
- Review both signature and salutation.
- Do not click on attachments.
- Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
- Be wary of poor spelling, grammar, and formatting. As can be seen with the with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.
Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management) certified company.